Email authentication protocols play a significant role in ensuring a domain name cannot be forged or spoofed. This forms a first-level defense against impersonation threats where a renowned brand name is exploited to send malicious emails. This is why HubSpot recommends that users implement SPF, DKIM, and DMARC to comply with mailbox provider policies and rules.
Let’s look at the steps in configuring HubSpot DMARC, SPF, and DKIM.
How to Add HubSpot SPF Record?
To enable HubSpot SPF record, you can follow the steps given below:
- Log in to your HubSpot account.
- Click on the settings icon in the navigation bar.
- In the left side menu bar, go to “Content” > “Domains & URLs”.
- On this page, select “Connect a domain”.
- In the Connect a domain information box, select “Email Sending”, and click on “Connect”.
- On the domain connection page, enter your email sending address, verify its accuracy, and click “Next”.
- On the following page that opens up, you should be able to find the DNS record syntax for HubSpot SPF records listed in the “SPF” section.
- Copy the values under “Host” and “Required data” and paste them on your domain’s provider’s DNS record settings.
Note: You can create a new record for HubSpot SPF in your DNS if there is none configured for the same domain. However, if you have an existing record configured, avoid publishing multiple SPF records for that same domain. Instead, update the existing record by using the “include:” mechanism. Simply add a field in your SPF syntax starting with “include:(paste required data text)”.
How to Add HubSpot DKIM Record?
To enable HubSpot DKIM record, you can follow the steps given below:
- Log in to your HubSpot account.
- Click on the settings icon in the navigation bar.
- In the left side menu bar, go to “Content” > “Domains & URLs”.
- On this page, select “Connect a domain”.
- In the Connect a domain information box, select “Email Sending”, and click on “Connect”.
- On the domain connection page, enter your email sending address, verify its accuracy, and click “Next”.
- On the following page that opens up, you should be able to find the DNS record syntax for 2 HubSpot DKIM CNAME records listed in the “DKIM” section.
- Copy the values under “Host” and “Required data” and paste them on your domain’s provider’s DNS record settings.
How to Add HubSpot DMARC Record?
To enable HubSpot DMARC record, you can follow the steps given below:
- Log in to your HubSpot account.
- Click on the settings icon in the navigation bar.
- In the left side menu bar, go to “Content” > “Domains & URLs”.
- On this page, select “Connect a domain”.
- In the Connect a domain information box, select “Email Sending”, and click on “Connect”.
- On the domain connection page, enter your email sending address, verify its accuracy, and click “Next”.
- On the following page that opens up, you should be able to find the DNS record syntax for the HubSpot DMARC record listed in the “DMARC” section.
- Copy the values under “Host” and “Required data” and paste them on your domain’s provider’s DNS record settings. Note that HubSpot provides a simple DMARC record with only the mandatory fields instead of a full record (e.g. v=DMARC1; p=none;). To make the most out of your DMARC protocol, this may not be enough. You can refer to our complete guide on how to setup DMARC for more information.
Note: For your HubSpot DMARC record we recommend starting with a DMARC policy of p=none, and slowly transitioning to p=quarantine and then p=reject while monitoring your reports.
Important Points to Consider for HubSpot Email Authentication
In their manage email authentication document, HubSpot outlines some key considerations after you have set up your DNS records. They are as follows:
- Following your DNS changes, HubSpot may take up to 80 minutes to verify your SPF, DKIM, and DMARC setups.
- The email address you configure email authentication for must be a domain that is solely used for sending marketing emails in HubSpot. It may be a subdomain as well, as long as the root domain matches the domain in your HubSpot mail “From:” address.
- If your DNS provider is Cloudflare, make sure you disable domain-wide CNAME flattening and proxy settings before configuring the authentication records.
Final Words
Implementing HubSpot SPF, DMARC, and DKIM is the right step towards ensuring digital security and email protection. HubSpot as well as the PowerDMARC team highly recommends it. However, simply setting up the protocols isn’t enough!
To make the most of your email authentication efforts, sign up with PowerDMARC today. We have helped thousands of organizations, MSPs, and governments manage, monitor, and maintain their email authentication protocols through a single interface. Get started today!
Content Review and Fact-Checking Process
This article has been curated by an email security expert, along with references to official HubSpot email authentication documents.
- 5 Common DNS Vulnerabilities and How to Protect Your Network - December 24, 2024
- Introducing DNS Timeline and Security Score History - December 10, 2024
- PowerDMARC One-Click Auto DNS Publishing with Entri - December 10, 2024